CODEWITHSUNDEEP
wordpresssecuritysslhttpshosting
Kard Nails
Kard Nails

Reputation: 157

Loading unsecured elements - no https on whole site

So I have SSL included with my hosting, but I noticed the site I setup a month or so ago does not appear as secure. I spoke with them as to why and they said it is because I am loading unsecured elements on the page, which makes the whole site appear as not secure to the browsers.

It's just a Wordpress installation with a theme bought of Envato market. Unfortunately I don't understand what this means and they don't seem very eager to explain either, so I'm looking for some help. How do I go about fixing this? There are no payments or anything of the sort on the site, but getting "connection not secure" everytime you open it is not cool.

Upvotes: 0

Views: 95

Answers (3)

Pak Uula
Pak Uula

Reputation: 3445

Kard, I too have a WordPress with a theme bought at Envato.

To switch my site to SSL I

i. Set the site url in Settings-General to https scheme.

ii. Defined redirect in htaccess

# SSL
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

This worked fine.

Upvotes: 1

AaronSmith
AaronSmith

Reputation: 37


Make sure you have updated .htaccess file in your site's main directory 

# BEGIN WordPress
    
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    


# END WordPress</pre>

I hope your site will now force all connections to be secure.

OR, You can install plugin called Fix SSL/Non-SSL Links that will force all image, CSS, and JS file requests inside the HTML page produced by Wordpress that matches the page request's HTTPS protocol.

Upvotes: 1

Evo
Evo

Reputation: 119

You have to check which protocol is used for all files loaded from remote. If you get the "connection not secure" message you have to check all the loaded files for http and have to change it to https.

E.g.: http://www.google.com/humans.txt must be changed to https://www.google.com/humans.txt

You can check all loaded files per Google Chrome via Plugin like HTTPS Mixed Content Locator

or by:

  • Open the website on Google Chrome
  • Press F12
  • Open the network tab
  • Press f5 to reload everthing
  • There is has all the information you should need. Hover over a request to check whether it uses http or https

(copied from - here)

Upvotes: 1

Related Questions